search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Supervised user import: Listen for profile creation/deletion
[chromium-blink-merge.git] / content / browser / ssl / ssl_policy.cc
blob5a627fb484e068be42d45eb0a4796d712edcf3c4
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/ssl/ssl_policy.h"
6
7 #include "base/base_switches.h"
8 #include "base/bind.h"
9 #include "base/command_line.h"
10 #include "base/memory/singleton.h"
11 #include "base/metrics/histogram_macros.h"
12 #include "base/strings/string_piece.h"
13 #include "base/strings/string_util.h"
14 #include "content/browser/frame_host/navigation_entry_impl.h"
15 #include "content/browser/renderer_host/render_process_host_impl.h"
16 #include "content/browser/renderer_host/render_view_host_impl.h"
17 #include "content/browser/site_instance_impl.h"
18 #include "content/browser/ssl/ssl_cert_error_handler.h"
19 #include "content/browser/ssl/ssl_request_info.h"
20 #include "content/browser/web_contents/web_contents_impl.h"
21 #include "content/public/browser/content_browser_client.h"
22 #include "content/public/common/resource_type.h"
23 #include "content/public/common/ssl_status.h"
24 #include "content/public/common/url_constants.h"
25 #include "net/ssl/ssl_info.h"
26
27
28 namespace content {
29
30 namespace {
31
32 // Events for UMA. Do not reorder or change!
33 enum SSLGoodCertSeenEvent {
34 NO_PREVIOUS_EXCEPTION = 0,
35 HAD_PREVIOUS_EXCEPTION = 1,
36 SSL_GOOD_CERT_SEEN_EVENT_MAX = 2
37 };
38 }
39
40 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
41 : backend_(backend) {
42 DCHECK(backend_);
43 }
44
45 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
46 bool expired_previous_decision;
47 // First we check if we know the policy for this error.
48 DCHECK(handler->ssl_info().is_valid());
49 SSLHostStateDelegate::CertJudgment judgment =
50 backend_->QueryPolicy(*handler->ssl_info().cert.get(),
51 handler->request_url().host(),
52 handler->cert_error(),
53 &expired_previous_decision);
54
55 if (judgment == SSLHostStateDelegate::ALLOWED) {
56 handler->ContinueRequest();
57 return;
58 }
59
60 // For all other hosts, which must be DENIED, a blocking page is shown to the
61 // user every time they come back to the page.
62 int options_mask = 0;
63 switch (handler->cert_error()) {
64 case net::ERR_CERT_COMMON_NAME_INVALID:
65 case net::ERR_CERT_DATE_INVALID:
66 case net::ERR_CERT_AUTHORITY_INVALID:
67 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
68 case net::ERR_CERT_WEAK_KEY:
69 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
70 case net::ERR_CERT_VALIDITY_TOO_LONG:
71 if (!handler->fatal())
72 options_mask |= OVERRIDABLE;
73 else
74 options_mask |= STRICT_ENFORCEMENT;
75 if (expired_previous_decision)
76 options_mask |= EXPIRED_PREVIOUS_DECISION;
77 OnCertErrorInternal(handler, options_mask);
78 break;
79 case net::ERR_CERT_NO_REVOCATION_MECHANISM:
80 // Ignore this error.
81 handler->ContinueRequest();
82 break;
83 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
84 // We ignore this error but will show a warning status in the location
85 // bar.
86 handler->ContinueRequest();
87 break;
88 case net::ERR_CERT_CONTAINS_ERRORS:
89 case net::ERR_CERT_REVOKED:
90 case net::ERR_CERT_INVALID:
91 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
92 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
93 if (handler->fatal())
94 options_mask |= STRICT_ENFORCEMENT;
95 if (expired_previous_decision)
96 options_mask |= EXPIRED_PREVIOUS_DECISION;
97 OnCertErrorInternal(handler, options_mask);
98 break;
99 default:
100 NOTREACHED();
101 handler->CancelRequest();
102 break;
103 }
104 }
105
106 void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry,
107 const std::string& security_origin) {
108 if (!entry)
109 return;
110
111 SiteInstance* site_instance = entry->site_instance();
112 if (!site_instance)
113 return;
114
115 backend_->HostRanInsecureContent(GURL(security_origin).host(),
116 site_instance->GetProcess()->GetID());
117 }
118
119 void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
120 // TODO(abarth): This mechanism is wrong. What we should be doing is sending
121 // this information back through WebKit and out some FrameLoaderClient
122 // methods.
123
124 if (net::IsCertStatusError(info->ssl_cert_status())) {
125 backend_->HostRanInsecureContent(info->url().host(), info->child_id());
126 } else {
127 SSLGoodCertSeenEvent event = NO_PREVIOUS_EXCEPTION;
128 if (backend_->HasAllowException(info->url().host())) {
129 // If there's no certificate error, a good certificate has been seen, so
130 // clear out any exceptions that were made by the user for bad
131 // certificates.
132 backend_->RevokeUserAllowExceptions(info->url().host());
133 event = HAD_PREVIOUS_EXCEPTION;
134 }
135 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.good_cert_seen", event,
136 SSL_GOOD_CERT_SEEN_EVENT_MAX);
137 }
138 }
139
140 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
141 WebContentsImpl* web_contents) {
142 DCHECK(entry);
143
144 InitializeEntryIfNeeded(entry);
145
146 if (!entry->GetURL().SchemeIsSecure())
147 return;
148
149 if (!web_contents->DisplayedInsecureContent())
150 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT;
151
152 // An HTTPS response may not have a certificate for some reason. When that
153 // happens, use the unauthenticated (HTTP) rather than the authentication
154 // broken security style so that we can detect this error condition.
155 if (!entry->GetSSL().cert_id) {
156 entry->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED;
157 return;
158 }
159
160 if (web_contents->DisplayedInsecureContent())
161 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT;
162
163 if (net::IsCertStatusError(entry->GetSSL().cert_status)) {
164 // Minor errors don't lower the security style to
165 // SECURITY_STYLE_AUTHENTICATION_BROKEN.
166 if (!net::IsCertStatusMinorError(entry->GetSSL().cert_status)) {
167 entry->GetSSL().security_style =
168 SECURITY_STYLE_AUTHENTICATION_BROKEN;
169 }
170 return;
171 }
172
173 SiteInstance* site_instance = entry->site_instance();
174 // Note that |site_instance| can be NULL here because NavigationEntries don't
175 // necessarily have site instances. Without a process, the entry can't
176 // possibly have insecure content. See bug http://crbug.com/12423.
177 if (site_instance &&
178 backend_->DidHostRunInsecureContent(
179 entry->GetURL().host(), site_instance->GetProcess()->GetID())) {
180 entry->GetSSL().security_style =
181 SECURITY_STYLE_AUTHENTICATION_BROKEN;
182 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT;
183 return;
184 }
185 }
186
187 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
188 bool allow) {
189 DCHECK(handler->ssl_info().is_valid());
190 if (allow) {
191 // Default behavior for accepting a certificate.
192 // Note that we should not call SetMaxSecurityStyle here, because the active
193 // NavigationEntry has just been deleted (in HideInterstitialPage) and the
194 // new NavigationEntry will not be set until DidNavigate. This is ok,
195 // because the new NavigationEntry will have its max security style set
196 // within DidNavigate.
197 //
198 // While AllowCertForHost() executes synchronously on this thread,
199 // ContinueRequest() gets posted to a different thread. Calling
200 // AllowCertForHost() first ensures deterministic ordering.
201 backend_->AllowCertForHost(*handler->ssl_info().cert.get(),
202 handler->request_url().host(),
203 handler->cert_error());
204 handler->ContinueRequest();
205 } else {
206 // Default behavior for rejecting a certificate.
207 handler->CancelRequest();
208 }
209 }
210
211 ////////////////////////////////////////////////////////////////////////////////
212 // Certificate Error Routines
213
214 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
215 int options_mask) {
216 bool overridable = (options_mask & OVERRIDABLE) != 0;
217 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0;
218 bool expired_previous_decision =
219 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0;
220 CertificateRequestResultType result =
221 CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
222 GetContentClient()->browser()->AllowCertificateError(
223 handler->render_process_id(),
224 handler->render_frame_id(),
225 handler->cert_error(),
226 handler->ssl_info(),
227 handler->request_url(),
228 handler->resource_type(),
229 overridable,
230 strict_enforcement,
231 expired_previous_decision,
232 base::Bind(&SSLPolicy::OnAllowCertificate,
233 base::Unretained(this),
234 make_scoped_refptr(handler)),
235 &result);
236 switch (result) {
237 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE:
238 break;
239 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL:
240 handler->CancelRequest();
241 break;
242 case CERTIFICATE_REQUEST_RESULT_TYPE_DENY:
243 handler->DenyRequest();
244 break;
245 default:
246 NOTREACHED();
247 }
248 }
249
250 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) {
251 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN)
252 return;
253
254 entry->GetSSL().security_style = entry->GetURL().SchemeIsSecure() ?
255 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED;
256 }
257
258 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
259 GURL parsed_origin(origin);
260 if (parsed_origin.SchemeIsSecure())
261 backend_->HostRanInsecureContent(parsed_origin.host(), pid);
262 }
263
264 } // namespace content